The new text might be a reaction to the e-mail scanning lawsuit.

Further Reading

Non-Gmail users never agreed to have their e-mail scanned, lawyers say.

Google added a paragraph to its terms of service as of Monday to tell customers that, yes, it does scan e-mail content for advertising and customized search results, among other reasons. The change comes as Google undergoes a lawsuit over its e-mail scanning, with the plaintiffs complaining that Google violated their privacy.

E-mail users brought the lawsuit against Google in 2013, alleging that the company was violating wiretapping laws by scanning the content of e-mails. The plaintiffs' complaints vary, but some of the cases include people who sent their e-mails to Gmail users from non-Gmail accounts and nonetheless had their content scanned. They argue that since they didn't use Gmail, they didn't consent to the scanning.

This is the full text of Google's terms of service addition related to e-mail scanning:

Our automated systems analyze your content (including e-mails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.

While the new text makes the scanning practices very clear, the issue at hand for many of the plaintiffs in Google's lawsuit is whether non-Gmail users are obligated to be familiar, or were familiar, with the Gmail terms of service even though they were not users themselves. The specific mention of "received" content suggests Google may not want the burden of warning non-Gmail users that e-mails sent to Gmail will be scanned.

But seriously we've known for years with any contention whatsoever that Google has been scanning emails. Yet Gmail is one of the more popular email services.

If you have a problem with Gmail it makes more sense to setup your own email provider (as detailed in an Ars article from a couple weeks back) or find another service. I don't really see why Google's been sued.

What about organizations that use Google for their mail service such as universities, and do not have an @gmail.com but an @[institution].edu addresses? Are people supposed to research and find out that the recipient's email is provided by Google and is therefore subject to scanning? Something doesn't seem right about this...

What about organizations that use Google for their mail service such as universities, and do not have an @gmail.com but an @[institution].edu addresses? Are people supposed to research and find out that the recipient's email is provided by Google and is therefore subject to scanning? Something doesn't seem right about this...

But seriously we've known for years with any contention whatsoever that Google has been scanning emails. Yet Gmail is one of the more popular email services.

If you have a problem with Gmail it makes more sense to setup your own email provider (as detailed in an Ars article from a couple weeks back) or find another service. I don't really see why Google's been sued.

Edit: spelling

They are only "upfront about it" now that they're being sued.

As to why they are being sued, it's because (as far as the plaintiffs are concerned) Google violated the users' privacy when scanning their messages. This is especially true when considering that messages that were sent from an outside service to a gmail address were scanned. Those people never agreed to anything.

As to why they are being sued, it's because (as far as the plaintiffs are concerned) Google violated the users' privacy when scanning their messages. This is especially true when considering that messages that were sent from an outside service to a gmail address were scanned. Those people never agreed to anything.

It's not that complicated really.

Given that all major email services scan emails and match keywords to identify spam or viruses, why is this different? Genuine question - I'd like to know.

It would seem to me as a VERY bad idea for a company or any organizations to use Gmail as their mail service.It is scanned, the attachments are scanned, we KNOW that the information used is so not only by Gmail, we KNOW that it is "de bonne guerre" for the US Gov. to spy on other companies / organizations to get an upstart in economic "warfare".

It seems to me as completely stupid to use Gmail as a mail provider, except when you use it as a "trash e-mail".But companies still use Gmail for their official business. Then, IMO, they deserve what happens to them and what use is done with the collected information...

As to why they are being sued, it's because (as far as the plaintiffs are concerned) Google violated the users' privacy when scanning their messages. This is especially true when considering that messages that were sent from an outside service to a gmail address were scanned. Those people never agreed to anything.

It's not that complicated really.

Given that all major email services scan emails and match keywords to identify spam or viruses, why is this different? Genuine question - I'd like to know.

Well, for one thing, if I send a mail to someone at gmail from an outside service, I've never made an agreement with Google that it's ok for THEM to scan my mail.

Agreed that they are really only being "upfront" about it now that they got caught...but I'm not really sure I can condemn Google fully for scanning incoming email. Certainly I think it's a privacy issue, but it's one that people can make their own minds up about.

It's obvious that Google wants to connect people not using their services to a real person and sell them ads. It's what Google does, after all. And as much as I hate the Scroogled ads...it is a relevant point of concern. Google might only want to use that information for ads, but if they're subpoenaed, that information is turned over to other people. A person can choose how they want to associate, and if they don't trust Google, that's their right.

Of course, others have a right to say "it's just ads, whatever, you're dumb". Personally, I find myself torn between both sides. Privacy is important, but good tools for free are also important. The deciding factor, for me, has been Google's moves outside of the privacy realm.

I think this is largely a good thing. The more it is publicized that Google scans incoming mail for content to connect, the more people can judge if that's something they want their mail provider to do. Informed consent requires that a person be informed, and this helps along that path pretty well.

As to why they are being sued, it's because (as far as the plaintiffs are concerned) Google violated the users' privacy when scanning their messages. This is especially true when considering that messages that were sent from an outside service to a gmail address were scanned. Those people never agreed to anything.

It's not that complicated really.

Given that all major email services scan emails and match keywords to identify spam or viruses, why is this different? Genuine question - I'd like to know.

Well, for one thing, if I send a mail to someone at gmail from an outside service, I've never made an agreement with Google that it's ok for THEM to scan my mail.

it's not your mail anymore once you've sent it to another person; it's theirs. they have entered the agreement with google. end of story.

As to why they are being sued, it's because (as far as the plaintiffs are concerned) Google violated the users' privacy when scanning their messages. This is especially true when considering that messages that were sent from an outside service to a gmail address were scanned. Those people never agreed to anything.

It's not that complicated really.

Given that all major email services scan emails and match keywords to identify spam or viruses, why is this different? Genuine question - I'd like to know.

Well, for one thing, if I send a mail to someone at gmail from an outside service, I've never made an agreement with Google that it's ok for THEM to scan my mail.

Lets say you send an email to someone who has an @outlook.com email address. Microsoft scans that email to determine if it's a virus, or to determine if it's spam.

Does Judge Koh have a magnet for these kinds of cases? A sign on her desk saying "dump the shitty, messy, going to piss everyone off and take a few years off your life tech cases here"?

As opposed to the cheerful, happy, "aww, I'm sorry! kiss kiss!" cases that other judges get? After all, their job, day in and day out, is to moderate expensive arguments between two parties who don't like each other very much. Fun!

Given that all major email services scan emails and match keywords to identify spam or viruses, why is this different? Genuine question - I'd like to know.

Well, spam and viruses look the same in anyone's email account, so there's no need to have non-completely anonymous data collection to build filters, whereas with ads, they're creating an "anonymous" profile of each account based on that account's data, and then sharing it with 3rd parties.

"Our automated systems analyze your content (including e-mails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored."

"including" emails means "not limited to emails only."

For example Google Voice, which uses keyword recognition and also has the capacity to record & store 100% of conversations passing through it. (Google Voice uses the Broadvox switching platform, which has call recording as a configurable feature that at least one other carrier leaves ON by default.)

"such as" means "these are some examples, but we may also do other things without telling you," for example feeding your content to NSA (Goog's apparent anti-NSA stance in public is meaningless; at most they regard NSA as "competition") or to the credit bureaus (Facebook already does that: you'll get your credit rating dinged if you "friend" too many people with bad credit ratings).

"customized search results" means "we can give you narcissistic self-reinforcement, or keep you in a little bubble, and you won't notice."

"....and when it is stored" means that Google, like the FBI's National Crime Information Center, never ever forgets.

"We're the Goog. We invented Search. We don't need no stinkin' warrant!"

Agreed that they are really only being "upfront" about it now that they got caught...but I'm not really sure I can condemn Google fully for scanning incoming email. Certainly I think it's a privacy issue, but it's one that people can make their own minds up about.

It's obvious that Google wants to connect people not using their services to a real person and sell them ads. It's what Google does, after all. And as much as I hate the Scroogled ads...it is a relevant point of concern. Google might only want to use that information for ads, but if they're subpoenaed, that information is turned over to other people. A person can choose how they want to associate, and if they don't trust Google, that's their right.

Of course, others have a right to say "it's just ads, whatever, you're dumb". Personally, I find myself torn between both sides. Privacy is important, but good tools for free are also important. The deciding factor, for me, has been Google's moves outside of the privacy realm.

I think this is largely a good thing. The more it is publicized that Google scans incoming mail for content to connect, the more people can judge if that's something they want their mail provider to do. Informed consent requires that a person be informed, and this helps along that path pretty well.

I think what is even more interesting is Microsoft did exactly the same thing, but no one rose hell about it, probably because we didn't even know they stopped until they came out with outlook.com and showed everyone why outlook was better than hotmail!

it's not your mail anymore once you've sent it to another person; it's theirs. they have entered the agreement with google. end of story.

Not quite. Anyways, were what you are saying actually the case, Judge Koh would have had a very decision to make when the motion to dismiss was made. Obviously, she didn't grant that motion. So it is quite possible that a violation of privacy did in fact take place.

What about organizations that use Google for their mail service such as universities, and do not have an @gmail.com but an @[institution].edu addresses? Are people supposed to research and find out that the recipient's email is provided by Google and is therefore subject to scanning? Something doesn't seem right about this...

They pay for the service, and thus they get no ads.

Whether or not they get ads is irrelevant. Whether their content passes through Google's NSA-like collection & analytics is what matters.

And unlike the real NSA, you don't get to vote for their boss every four years.

Well, for one thing, if I send a mail to someone at gmail from an outside service, I've never made an agreement with Google that it's ok for THEM to scan my mail.

No, but the person you sent it to did. You really can't control what they do with the mail you send them. You may not like it, and I can support that position, but if you send me a picture of you dressed as Star Child, I can post it to the web. You may not be my friend afterwards, but you lost control the moment you sent it.

Now, if you're concerned about it, I highly recommend you tell people that you're not going to send them stuff at gmail. Tell them why, explain your position, and say that you'd prefer to use another service. You can ask them to use an ephemeral email option (or use it yourself). Options like 10minutemail.com are pretty good for people that don't want to create long-term email accounts.

I agree with the sentiment of wanting privacy. But realistically, you don't have to consent as long as the recipient does. So the better solution is to speak with actions, and talk to people about what they could be providing-- not only to Google right now, but to any authority that might force Google to turn over evidence later.

How is "Scanning incoming email for spam and phishing" legally different from "Scanning incoming emails for advertising"? I would argue that if one violates the wiretapping act then both violate it, and virtually every email provider does scan incoming emails for spam.

Agreed that they are really only being "upfront" about it now that they got caught...but I'm not really sure I can condemn Google fully for scanning incoming email. Certainly I think it's a privacy issue, but it's one that people can make their own minds up about.

It's obvious that Google wants to connect people not using their services to a real person and sell them ads. It's what Google does, after all. And as much as I hate the Scroogled ads...it is a relevant point of concern. Google might only want to use that information for ads, but if they're subpoenaed, that information is turned over to other people. A person can choose how they want to associate, and if they don't trust Google, that's their right.

Of course, others have a right to say "it's just ads, whatever, you're dumb". Personally, I find myself torn between both sides. Privacy is important, but good tools for free are also important. The deciding factor, for me, has been Google's moves outside of the privacy realm.

I think this is largely a good thing. The more it is publicized that Google scans incoming mail for content to connect, the more people can judge if that's something they want their mail provider to do. Informed consent requires that a person be informed, and this helps along that path pretty well.

Honestly I don't see how people are saying that Google has been anything but upfront about their policy of scanning email content for ad matching.

Here :

Quote:

You may also have noticed some text ads or related links to the right of this message. They're placed there in the same way that ads are placed alongside Google search results and, through our AdSense program, on content pages across the web. The matching of ads to content in your Gmail messages is performed entirely by computers; never by people. Because the ads and links are matched to information that is of interest to you, we hope you'll find them relevant and useful.

That paragraph is from the very first email from Google in my Gmail inbox, over 10 years old at this point. I don't think they've been hiding this fact... Unless they somehow broadcast it to everyone that they do this... but Microsoft has done that job for them now with the Mark Penn backed attack ads.

Agreed that they are really only being "upfront" about it now that they got caught...but I'm not really sure I can condemn Google fully for scanning incoming email. Certainly I think it's a privacy issue, but it's one that people can make their own minds up about.

It's obvious that Google wants to connect people not using their services to a real person and sell them ads. It's what Google does, after all. And as much as I hate the Scroogled ads...it is a relevant point of concern. Google might only want to use that information for ads, but if they're subpoenaed, that information is turned over to other people. A person can choose how they want to associate, and if they don't trust Google, that's their right.

Of course, others have a right to say "it's just ads, whatever, you're dumb". Personally, I find myself torn between both sides. Privacy is important, but good tools for free are also important. The deciding factor, for me, has been Google's moves outside of the privacy realm.

I think this is largely a good thing. The more it is publicized that Google scans incoming mail for content to connect, the more people can judge if that's something they want their mail provider to do. Informed consent requires that a person be informed, and this helps along that path pretty well.

Honestly I don't see how people are saying that Google has been anything but upfront about their policy of scanning email content for ad matching.

Here :

Quote:

You may also have noticed some text ads or related links to the right of this message. They're placed there in the same way that ads are placed alongside Google search results and, through our AdSense program, on content pages across the web. The matching of ads to content in your Gmail messages is performed entirely by computers; never by people. Because the ads and links are matched to information that is of interest to you, we hope you'll find them relevant and useful.

That paragraph is from the very first email from Google in my Gmail inbox, over 10 years old at this point. I don't think they've been hiding this fact... Unless they somehow broadcast it to everyone that they do this... but Microsoft has done that job for them now with the Mark Penn backed attack ads.

It will be interesting to see if that can count as consent. Knowing the legal system, probably not.

WE might have, I'll grant that. Did the average user? Did the average person sending mail to a Gmail user? That's a heck of a lot of speculation. How many people do you think read that letter? How many people do you think have ever sent email to someone using a Gmail account? I think those numbers might be slightly different.

Quote:

https://www.privacyrights.org/ar/GmailLetter.htm

I think what is even more interesting is Microsoft did exactly the same thing, but no one rose hell about it, probably because we didn't even know they stopped until they came out with outlook.com!

Um...doesn't this sort of prove the opposite point? You're pointing out that most people were unaware of Microsoft's announcements. What makes you think that the average user was somehow more informed about Google's actions-- especially the people sending from non-Gmail accounts?

What about organizations that use Google for their mail service such as universities, and do not have an @gmail.com but an @[institution].edu addresses? Are people supposed to research and find out that the recipient's email is provided by Google and is therefore subject to scanning? Something doesn't seem right about this...

They pay for the service, and thus they get no ads.

And yet, Google scans the email anyway. Paying for the service does not buy you privacy.

What about organizations that use Google for their mail service such as universities, and do not have an @gmail.com but an @[institution].edu addresses?

They pay for the service, and thus they get no ads.

They pay for the service so they don't see ads on that service. I have no doubt Google still collects information on people to target them for ads elsewhere. After all, Google's an advertising company.

As to why they are being sued, it's because (as far as the plaintiffs are concerned) Google violated the users' privacy when scanning their messages. This is especially true when considering that messages that were sent from an outside service to a gmail address were scanned. Those people never agreed to anything.

It's not that complicated really.

Given that all major email services scan emails and match keywords to identify spam or viruses, why is this different? Genuine question - I'd like to know.

Antispam software does not provide financial incentives to the carriers that use it, for collecting & processing the contents of your email, other than by reducing spam load.

By analogy it's like the difference between store security guards watching for shoplifters, and store security guards asking you about your politics, religion, and sexuality on the way into the store.

Google does what's called "scraping," which means they look for anything they can monetize in any way. The thing we all know about is "advertising." What we don't know is what can hurt us.

See also "sentiment analysis," which is a euphemism for "trying to figure out your emotions."

IMHO that's as creepy as strangers walking up and kissing you on the lips. Whether they're sexy strangers or not is irrelevant, it's just creepy and invasive.

What about organizations that use Google for their mail service such as universities, and do not have an @gmail.com but an @[institution].edu addresses? Are people supposed to research and find out that the recipient's email is provided by Google and is therefore subject to scanning? Something doesn't seem right about this...

They pay for the service, and thus they get no ads.

And yet, Google scans the email anyway. Paying for the service does not buy you privacy.

I'm not so sure, what are you basing this off of? I did a cursory search of a Google Apps GMail account's ToS and they're different from my regular GMail account, with no mention of scanning (besides for law enforcement):

Well, for one thing, if I send a mail to someone at gmail from an outside service, I've never made an agreement with Google that it's ok for THEM to scan my mail.

No, but the person you sent it to did. You really can't control what they do with the mail you send them. You may not like it, and I can support that position, but if you send me a picture of you dressed as Star Child, I can post it to the web. You may not be my friend afterwards, but you lost control the moment you sent it.

Yes, you can. I've agreed to give you whatever information is in the email by sending it to you in the first place.

However, I never made any such agreement with Google. And am I, as a sender of email, meant to make myself aware of every ToS for every service to which I might send an email?

These are the sorts of questions I assume will be determined during the trial.